May27
Personal Information
OK, you thought you were going to get some “really good dirt!” No, this isn’t regarding my private life, but rather some “personal information” which was inadvertently shared with the public.
My school district uses a web based Special Education program for students. The program includes features that generate via the user, Diagnostic Reports, Individual Education Plans (I.E.P.’s), etc… When the program was introduced, there was a training session and the district used our Social Security Numbers for SPED employees to log on to the program.
Earlier this month, it seems that the former data analyst (who now works part-time) accidentally posted staff and student personal information from a confidential SPED database to an unsecured website. The Special Education Automated System (SEAS) information was online from April 29th until May 5th. The LCPS information can be read here, and the Las Cruces Sun-News write up here and here.
Needless to say, this has created a huge problem for the school district. Each staff member and student who were affected received one year of “complimentary” credit monitoring for protection from identity theft, and a certified letter explaining the incident.
Not a good thing – not at all…
same thing happened here only with a system’s records that were managed for FL by another state (under Jeb Bush, of course….he shipped our state record keeping to Ohio)…..and it became known that the out-of-state company shipped their work of ours overseas….our records went everywhere unsecured…we were given the identity protection for a year, too….a year doesn’t seem long enough for something so significant…..still glad to see you at the keyboard….
What a pain! There’s something to be said for the good-old paper days.
Definitely not good! How can someone make such a major gaffe?
I am sorry your OT was so grueling today. I hope you feel better tomorrow.
Ok that’s terrifying. With all the HIPAA and FERPA and compliance regulations we have to comply with to handle student data at UNM that’s a horrible infringement. I really hope no one gets burned.
No compensation is good enough for this dreadful mistake. How on earth did this info “accidentally” get placed on a personal website? I smell a whole bunch of lawsuits b/c a free ticket to a credit bureau sure wouldn’t cut it for me.
What a fundamental mistake and a big hole in their security procedure. I Norway, you would need a special license for holding such personal data, but then again: how can one protect from unskilled or unconcerned staff?
Btw: Thanks for your visit and supportive comment on my post about TorAa son’s funeral!
Oh no! That is one of the things that is really at risk when everything can be accessed online, even if these people are employees. One mistake and everything is exposed.
I hope damage control was done. If it would help at all.